NGINX 重定向 HTTPS 到 HTTPS

Question

How can I redirect https from one domain to https of another?

Case description:

I own three domains that is directed to the same ip/website in the NS server:

1. example1.com
2. example2.com
3. example3.com

I paid only for one SSL licence that initially was issued for the first domain, so when I bought the second domain, I redirected all traffic to https://example1.com

Lately, I wanted to redirect all calls to a new domain: https://example3.com . I reissued the old SSL licence for the new domain and installed it successfully. The last part is redirecting all traffic to the new domain.

Now, all traffic from http is redirect well, but http s ( https://example1.com and https://example2.com ) is not directed at all, and results in working "Not secure" page.

When I try to listen to 443 SSL and redirect if from 1&2 name servers to the third one and run service nginx restart , I get:

Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

When I run systemctl status nginx.service , I get:

nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2020-05-24 17:53:24 UTC; 4min 5s ago
  Process: 14068 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 13952 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 14073 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
 Main PID: 13957 (code=exited, status=0/SUCCESS)

My guess I'm doing something wrong and redirecting 443 SSL twice is not allowed.

Code

This is my conf that is working without redirecting https example1.com and example2.com:

On /etc/nginx/nginx.conf I have include /etc/nginx/sites-enabled/*; .

On /etc/nginx/sites-enabled/example3.com.conf I wrote this:

server {
    listen 80;
    server_name example3.com wwww.example3.com example1.com www.example1.com example2.com www.example2.com;
    rewrite ^/(.*) https://example3.com/$1 permanent;
}


server {
    listen 443 ssl;
    server_name example3.com;
    ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
    ssl_certificate_key /etc/ssl/websitessl/example3.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;
}

This is maybe duplication of this: HTTPS to HTTPS redirect Nginx But I failed to make it work.

Answer 1

Thank's to @RichardSmith, I learned that in order to redirect HTTPS to HTTPS without "Page not secure" warning, you should put the ssl_ statements out of the server blocks so all the domains will be included.

ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/websitessl/example3.com.key;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

server {
        listen  80 default_server;
        listen  443 ssl default_server;
        return  301 https://example3.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example3.com;

    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;
}